Bug 88136 - redhat-config-security level interface is confusing
redhat-config-security level interface is confusing
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-securitylevel (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Brent Fox
Depends On:
  Show dependency treegraph
Reported: 2003-04-06 11:45 EDT by Darren Brierton
Modified: 2007-04-18 12:52 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-05-20 15:24:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Darren Brierton 2003-04-06 11:45:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
If, like me, one does not understand very much about firewalls, the UI of
redhat-config-securitylevel is a little confusing: if you select "Customize"
instead of "Use default firewall rules" which takes precedence - "Trusted
devices" or "Allow incoming"?

Take this scenario: I don't want any connections from outside at all, but I run
VMware and want VMs to be able to access Apache on the host without allowing
HTTP requests from outside my machine to be allowed. If eth0 is not selected as
a trusted device but HTTP is selected for allow incoming, and an HTTP request
comes from eth0 which wins out? Similarly if vmnet0 is selected as a trusted
device but HTTP is not selected for allow incoming and an HTTP request comes
from vmnet0 what happens?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Start redhat-config-securitylevel
2. Select Customize
3. Become confused

Actual Results:  Nagging worry that I have opened a giant security hole in my

Expected Results:  Warm fuzzy feeling and sense of well-being that my firewall
is configured correctly

Additional info:
Comment 1 Need Real Name 2003-04-10 13:58:59 EDT
88388 is closed, but says a similar thing.
Comment 2 Brent Fox 2003-05-20 15:24:28 EDT
In general, the "Customize" part of any user interface assumes that the user
knows enough to make manual changes to override the default settings.  

I think that the documentation for this tool adaquately explains the choices
that the "Customize" mode presents.

I agree that the user interface layout could be improved.  However, there's only
so much that the interface can do to explain a concept as complicated as
firewalls to a user who is not familiar with them.

Note You need to log in before you can comment on or make changes to this bug.